- tor-commits - lists.torproject.org

[arm/release] Use gtk theme colors for bandwidth graphs.
by atagar＠torproject.org 17 Jul '11

17 Jul '11

commit c599d1faca5a66c34a26b7bf5231844e80fb81b7 Author: Kamran Riaz Khan <krkhan(a)inspirated.com> Date: Sun Jul 10 19:47:46 2011 +0500 Use gtk theme colors for bandwidth graphs. --- src/gui/graphing/graphStats.py | 12 ++++++++---- 1 files changed, 8 insertions(+), 4 deletions(-) diff --git a/src/gui/graphing/graphStats.py b/src/gui/graphing/graphStats.py index 0d9ac5f..51150f8 100644 --- a/src/gui/graphing/graphStats.py +++ b/src/gui/graphing/graphStats.py @@ -62,10 +62,14 @@ class GraphStats(TorCtl.PostEventListener): series = CaGraphSeriesArea(graph, 0, 1) - line_colors = {'primary' : (1.0, 0.0, 1.0, 1.0), 'secondary' : (0.0, 1.0, 0.0, 1.0)} - fill_colors = {'primary' : (1.0, 0.0, 1.0, 0.3), 'secondary' : (0.0, 1.0, 0.0, 0.3)} - series.style.line_color = line_colors[name] - series.style.fill_color = fill_colors[name] + primaryColor = placeholder.style.fg[gtk.STATE_NORMAL] + secondaryColor = placeholder.style.fg[gtk.STATE_INSENSITIVE] + colors = { 'primary' : (primaryColor.red_float, primaryColor.green_float, primaryColor.blue_float, 0.5), + 'secondary' : (secondaryColor.red_float, secondaryColor.green_float, secondaryColor.blue_float, 0.7) } + + series.style.point_radius = 0.0 + series.style.line_color = colors[name] + series.style.fill_color = colors[name] graph.seriess.append(series) graph.grid = CaGraphGrid(graph, 0, 1)

1 0

[arm/release] fix: uncaught exceptions when resuming borken conf
by atagar＠torproject.org 17 Jul '11

17 Jul '11

commit 1c0c1f3029fbde3441c881930b292a0176d4e02d Author: Damian Johnson <atagar(a)torproject.org> Date: Sat Jul 9 23:19:34 2011 -0700 fix: uncaught exceptions when resuming borken conf When selecting 'Use Last Configuration' in the wizard or 'Start Tor' from the menu when the last torrc was broken caused uncaught exceptions. It's actually better if the starter function did logging itself instead so passing on a success boolean instead. --- src/cli/controller.py | 23 +++++++++++++++++------ src/cli/wizard.py | 18 +++++++----------- 2 files changed, 24 insertions(+), 17 deletions(-) diff --git a/src/cli/controller.py b/src/cli/controller.py index a04bf99..e30af3f 100644 --- a/src/cli/controller.py +++ b/src/cli/controller.py @@ -459,7 +459,8 @@ class TorManager: def startManagedInstance(self): """ - Starts a managed instance of tor, raising an IOError if unsuccessful. + Starts a managed instance of tor, logging a warning if unsuccessful. This + returns True if successful and False otherwise. """ torrcLoc = self.getTorrcPath() @@ -472,16 +473,26 @@ class TorManager: while not torctlConn and time.time() - startTime < 5: try: torctlConn, authType, authValue = TorCtl.preauth_connect(controlPort = int(CONFIG["wizard.default"]["Control"])) - except IOError, exc: time.sleep(0.5) + except IOError: time.sleep(0.5) if not torctlConn: - raise IOError("try running \"tor -f %s\" for error output" % torrcLoc) + msg = "Unable to start tor, try running \"tor -f %s\" to see the error output" % torrcLoc + log.log(log.WARN, msg) + return False if authType == TorCtl.AUTH_TYPE.COOKIE: - torctlConn.authenticate(authValue) - torTools.getConn().init(torctlConn) + try: + torctlConn.authenticate(authValue) + torTools.getConn().init(torctlConn) + return True + except Exception, exc: + msg = "Unable to connect to Tor: %s" % exc + log.log(log.WARN, msg) + return False else: - raise IOError("unexpected authentication type '%s'" % authType) + msg = "Unable to connect to Tor, unexpected authentication type '%s'" % authType + log.log(log.WARN, msg) + return False def shutdownDaemons(): """ diff --git a/src/cli/wizard.py b/src/cli/wizard.py index 6d2e623..be7ac8a 100644 --- a/src/cli/wizard.py +++ b/src/cli/wizard.py @@ -294,17 +294,13 @@ def showWizard(): torrcFile.write(generatedTorrc) torrcFile.close() - try: - conn = torTools.getConn() - - # If we're connected to a managed instance then just need to - # issue a sighup to pick up the new settings. Otherwise starts - # a new tor instance. - - if manager.isManaged(conn): conn.reset() - else: manager.startManagedInstance() - except IOError, exc: - log.log(log.WARN, "Unable to start tor, %s" % exc) + # If we're connected to a managed instance then just need to + # issue a sighup to pick up the new settings. Otherwise starts + # a new tor instance. + + conn = torTools.getConn() + if manager.isManaged(conn): conn.reset() + else: manager.startManagedInstance() break elif confirmationSelection == CANCEL: break

1 0

[arm/release] fix: right of daybreak dividers hidden
by atagar＠torproject.org 17 Jul '11

17 Jul '11

commit 1edaf1a6dcfb7e029ba1c35d701e8e5e36369f09 Author: Damian Johnson <atagar(a)torproject.org> Date: Sun Jul 10 16:21:22 2011 -0700 fix: right of daybreak dividers hidden Raising the width attribute earlier caused an off by one error where the right bound of log daybreak divider wasn't visible. --- src/cli/logPanel.py | 14 +++++++------- 1 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/cli/logPanel.py b/src/cli/logPanel.py index 2561416..9ea4ecb 100644 --- a/src/cli/logPanel.py +++ b/src/cli/logPanel.py @@ -1014,8 +1014,8 @@ class LogPanel(panel.Panel, threading.Thread): if seenFirstDateDivider: if lineCount >= 1 and lineCount < height and showDaybreaks: self.addch(lineCount, dividerIndent, curses.ACS_LLCORNER, dividerAttr) - self.hline(lineCount, dividerIndent + 1, width - dividerIndent - 1, dividerAttr) - self.addch(lineCount, width, curses.ACS_LRCORNER, dividerAttr) + self.hline(lineCount, dividerIndent + 1, width - dividerIndent - 2, dividerAttr) + self.addch(lineCount, width - 1, curses.ACS_LRCORNER, dividerAttr) lineCount += 1 @@ -1026,7 +1026,7 @@ class LogPanel(panel.Panel, threading.Thread): self.addch(lineCount, dividerIndent + 1, curses.ACS_HLINE, dividerAttr) self.addstr(lineCount, dividerIndent + 2, timeLabel, curses.A_BOLD | dividerAttr) - lineLength = width - dividerIndent - len(timeLabel) - 2 + lineLength = width - dividerIndent - len(timeLabel) - 3 self.hline(lineCount, dividerIndent + len(timeLabel) + 2, lineLength, dividerAttr) self.addch(lineCount, dividerIndent + len(timeLabel) + 2 + lineLength, curses.ACS_URCORNER, dividerAttr) @@ -1054,7 +1054,7 @@ class LogPanel(panel.Panel, threading.Thread): drawLine = lineCount + lineOffset if lineOffset == maxEntriesPerLine: break - maxMsgSize = width - cursorLoc + maxMsgSize = width - cursorLoc - 1 if len(msg) > maxMsgSize: # message is too long - break it up if lineOffset == maxEntriesPerLine - 1: @@ -1068,7 +1068,7 @@ class LogPanel(panel.Panel, threading.Thread): if drawLine < height and drawLine >= 1: if seenFirstDateDivider and width - dividerIndent >= 3 and showDaybreaks: self.addch(drawLine, dividerIndent, curses.ACS_VLINE, dividerAttr) - self.addch(drawLine, width, curses.ACS_VLINE, dividerAttr) + self.addch(drawLine, width - 1, curses.ACS_VLINE, dividerAttr) self.addstr(drawLine, cursorLoc, msg, format) @@ -1084,8 +1084,8 @@ class LogPanel(panel.Panel, threading.Thread): if not deduplicatedLog and seenFirstDateDivider: if lineCount < height and showDaybreaks: self.addch(lineCount, dividerIndent, curses.ACS_LLCORNER, dividerAttr) - self.hline(lineCount, dividerIndent + 1, width - dividerIndent - 1, dividerAttr) - self.addch(lineCount, width, curses.ACS_LRCORNER, dividerAttr) + self.hline(lineCount, dividerIndent + 1, width - dividerIndent - 2, dividerAttr) + self.addch(lineCount, width - 1, curses.ACS_LRCORNER, dividerAttr) lineCount += 1

1 0

[arm/release] Display circuit lines appropriately.
by atagar＠torproject.org 17 Jul '11

17 Jul '11

commit d3ebb46af66d04be2f78905e8ea6d18c07ce6b52 Author: Kamran Riaz Khan <krkhan(a)inspirated.com> Date: Mon Jul 11 01:04:11 2011 +0500 Display circuit lines appropriately. --- src/gui/connections/circEntry.py | 28 +++++++++++++++------------- 1 files changed, 15 insertions(+), 13 deletions(-) diff --git a/src/gui/connections/circEntry.py b/src/gui/connections/circEntry.py index b3aa29a..11876f8 100644 --- a/src/gui/connections/circEntry.py +++ b/src/gui/connections/circEntry.py @@ -4,37 +4,39 @@ Connection panel entries for client circuits. import time -from cli.connections import circEntry -from util import gtkTools +from cli.connections import circEntry, entries +from gui.connections import connEntry +from util import gtkTools, uiTools class CircEntry(circEntry.CircEntry): @classmethod def convertToGui(self, instance): instance.__class__ = self -class CircHeaderLine(circEntry.CircHeaderLine): +class CircHeaderLine(circEntry.CircHeaderLine, connEntry.ConnectionLine): @classmethod def convertToGui(self, instance): instance.__class__ = self def getListingRow(self, listingType): - local = "%s:%s" % (self.local.ipAddr, self.local.port) - foreign = "%s:%s" % (self.foreign.ipAddr, self.foreign.port) - timeLabel = "%d s" % (time.time() - self.startTime) + row = connEntry.ConnectionLine.getListingRow(self, listingType) theme = gtkTools.Theme() + return row[:-1] + (theme.colors['active'],) - return (local, foreign, timeLabel, self.baseType, theme.colors['active']) - -class CircLine(circEntry.CircLine): +class CircLine(circEntry.CircLine, connEntry.ConnectionLine): @classmethod def convertToGui(self, instance): instance.__class__ = self def getListingRow(self, listingType): - local = "%s:%s" % (self.local.ipAddr, self.local.port) - foreign = "%s:%s" % (self.foreign.ipAddr, self.foreign.port) - timeLabel = "%d s" % (time.time() - self.startTime) + dst, etc = "", "" + + if listingType == entries.ListingType.IP_ADDRESS: + dst = self.getDestinationLabel(100, includeLocale=True) + etc = self.foreign.getNickname() + + timeLabel = uiTools.getTimeLabel(time.time() - self.startTime) theme = gtkTools.Theme() - return (local, foreign, timeLabel, self.baseType, theme.colors['normal']) + return (dst, etc, timeLabel, self.getType(), theme.colors['insensitive'])

1 0

[arm/release] Handling when tor needs root to start
by atagar＠torproject.org 17 Jul '11

17 Jul '11

commit c801be076450e0ee1c80d02c3523d91f63ef6bfa Author: Damian Johnson <atagar(a)torproject.org> Date: Mon Jul 11 12:44:37 2011 -0700 Handling when tor needs root to start When connecting to privileged ports the tor process needs root permissions to start. If the torrc needs root then I shouldn't offer to start tor with arm, and the wizard makes a startup shell script rather than making a doomed attempt to start tor. Currently the startup script is just a stub - I'll need to wait until I have a connection to fill in all the shell scripting voodoo. --- src/cli/controller.py | 59 +++++++++++++++++++++++++++++++++-------------- src/cli/headerPanel.py | 11 +++++++- src/cli/wizard.py | 37 +++++++++++++++++++---------- src/resources/startTor | 14 +++++++++++ src/util/torConfig.py | 36 +++++++++++++++++++++++++++++ 5 files changed, 124 insertions(+), 33 deletions(-) diff --git a/src/cli/controller.py b/src/cli/controller.py index c6534b3..d4fcf2f 100644 --- a/src/cli/controller.py +++ b/src/cli/controller.py @@ -379,10 +379,10 @@ class Controller: with a slash and is created if it doesn't already exist. """ - dataDir = CONFIG["startup.dataDirectory"] + dataDir = os.path.expanduser(CONFIG["startup.dataDirectory"]) if not dataDir.endswith("/"): dataDir += "/" if not os.path.exists(dataDir): os.makedirs(dataDir) - return os.path.expanduser(dataDir) + return dataDir def getTorManager(self): """ @@ -458,10 +458,26 @@ class TorManager: def isTorrcAvailable(self): """ - True if a wizard generated torrc exists, false otherwise. + True if a wizard generated torrc exists and the user has permissions to + run it, false otherwise. """ - return os.path.exists(self.getTorrcPath()) + torrcLoc = self.getTorrcPath() + if os.path.exists(torrcLoc): + # If we aren't running as root and would be trying to bind to low ports + # then the startup will fail due to permissons. Attempts to check for + # this in the torrc. If unable to read the torrc then we probably + # wouldn't be able to use it anyway with our permissions. + + if os.getuid() != 0: + try: + return not torConfig.isRootNeeded(torrcLoc) + except IOError, exc: + log.log(log.INFO, "Failed to read torrc at '%s': %s" % (torrcLoc, exc)) + return False + else: return True + + return False def isManaged(self, conn): """ @@ -485,30 +501,37 @@ class TorManager: # attempts to connect for five seconds (tor might or might not be # immediately available) - torctlConn, authType, authValue = None, None, None - while not torctlConn and time.time() - startTime < 5: + raisedExc = None + + while time.time() - startTime < 5: try: - torctlConn, authType, authValue = TorCtl.preauth_connect(controlPort = int(CONFIG["wizard.default"]["Control"])) - except IOError: time.sleep(0.5) + self.connectManagedInstance() + return True + except IOError, exc: + raisedExc = exc + time.sleep(0.5) + + if raisedExc: log.log(log.WARN, str(raisedExc)) + return False + + def connectManagedInstance(self): + """ + Attempts to connect to a managed tor instance, raising an IOError if + unsuccessful. + """ + + torctlConn, authType, authValue = TorCtl.preauth_connect(controlPort = int(CONFIG["wizard.default"]["Control"])) if not torctlConn: msg = "Unable to start tor, try running \"tor -f %s\" to see the error output" % torrcLoc - log.log(log.WARN, msg) - return False + raise IOError(msg) if authType == TorCtl.AUTH_TYPE.COOKIE: try: torctlConn.authenticate(authValue) torTools.getConn().init(torctlConn) - return True except Exception, exc: - msg = "Unable to connect to Tor: %s" % exc - log.log(log.WARN, msg) - return False - else: - msg = "Unable to connect to Tor, unexpected authentication type '%s'" % authType - log.log(log.WARN, msg) - return False + raise IOError("Unable to connect to Tor: %s" % exc) def shutdownDaemons(): """ diff --git a/src/cli/headerPanel.py b/src/cli/headerPanel.py index 5a2c1bc..f80eff8 100644 --- a/src/cli/headerPanel.py +++ b/src/cli/headerPanel.py @@ -22,6 +22,7 @@ import threading import TorCtl.TorCtl import cli.popups +import cli.controller from util import log, panel, sysTools, torTools, uiTools @@ -144,8 +145,14 @@ class HeaderPanel(panel.Panel, threading.Thread): log.log(log.NOTICE, "Reconnected to Tor's control port") cli.popups.showMsg("Tor reconnected", 1) except Exception, exc: - # displays notice for failed connection attempt - if exc.args: cli.popups.showMsg("Unable to reconnect (%s)" % exc, 3) + # attempts to use the wizard port too + try: + cli.controller.getController().getTorManager().connectManagedInstance() + log.log(log.NOTICE, "Reconnected to Tor's control port") + cli.popups.showMsg("Tor reconnected", 1) + except: + # displays notice for the first failed connection attempt + if exc.args: cli.popups.showMsg("Unable to reconnect (%s)" % exc, 3) else: isKeystrokeConsumed = False return isKeystrokeConsumed diff --git a/src/cli/wizard.py b/src/cli/wizard.py index efb6d98..be0deb4 100644 --- a/src/cli/wizard.py +++ b/src/cli/wizard.py @@ -341,27 +341,38 @@ def showWizard(): torrcFile.write(generatedTorrc) torrcFile.close() + dataDir = cli.controller.getController().getDataDirectory() + + pathPrefix = os.path.dirname(sys.argv[0]) + if pathPrefix and not pathPrefix.endswith("/"): + pathPrefix = pathPrefix + "/" + # copies exit notice into data directory if it's being used if Options.NOTICE in RelayOptions[relayType] and config[Options.NOTICE].getValue() and config[Options.LOWPORTS].getValue(): - dataDir = cli.controller.getController().getDataDirectory() - - pathPrefix = os.path.dirname(sys.argv[0]) - if pathPrefix and not pathPrefix.endswith("/"): - pathPrefix = pathPrefix + "/" - src = "%sresources/exitNotice" % pathPrefix dst = "%sexitNotice" % dataDir if not os.path.exists(dst): shutil.copytree(src, dst) - # If we're connected to a managed instance then just need to - # issue a sighup to pick up the new settings. Otherwise starts - # a new tor instance. - - conn = torTools.getConn() - if manager.isManaged(conn): conn.reload() - else: manager.startManagedInstance() + if manager.isTorrcAvailable(): + # If we're connected to a managed instance then just need to + # issue a sighup to pick up the new settings. Otherwise starts + # a new tor instance. + + conn = torTools.getConn() + if manager.isManaged(conn): conn.reload() + else: manager.startManagedInstance() + else: + # If we don't have permissions to run the torrc we just made then + # makes a shell script they can run as root to start tor. + + src = "%sresources/startTor" % pathPrefix + dst = "%sstartTor" % dataDir + if not os.path.exists(dst): shutil.copy(src, dst) + + msg = "Tor needs root permissions to start with this configuration (it will drop itself to a 'tor-arm' user afterward). To continue...\n- open another terminal\n- run \"sudo %s\"\n- press 'r' here to tell arm to reconnect" % dst + log.log(log.NOTICE, msg) break elif confirmationSelection == CANCEL: break diff --git a/src/resources/startTor b/src/resources/startTor new file mode 100755 index 0000000..c575c23 --- /dev/null +++ b/src/resources/startTor @@ -0,0 +1,14 @@ +#!/bin/sh +# +# When binding to privilaged ports the tor process needs to start with root +# permissions, then lower the user it's running as afterward. This script +# simply makes a "tor-arm" user if it doesn't already exist then starts the +# tor process. + +# TODO: check if the user's running as root +# TODO: check if the tor-arm user exists and if not, make it +# TODO: run arm +# TODO: bonus points: double check that the torrc in this directory has a +# "User tor-arm" entry - this would be a problem if they run the wizard +# without low ports, then use this script + diff --git a/src/util/torConfig.py b/src/util/torConfig.py index 8510c7a..2eca571 100644 --- a/src/util/torConfig.py +++ b/src/util/torConfig.py @@ -52,6 +52,9 @@ MAN_EX_INDENT = 15 # indentation used for man page examples PERSIST_ENTRY_DIVIDER = "-" * 80 + "\n" # splits config entries when saving to a file MULTILINE_PARAM = None # cached multiline parameters (lazily loaded) +# torrc options that bind to ports +PORT_OPT = ("SocksPort", "ORPort", "DirPort", "ControlPort", "TransPort") + def loadConfig(config): config.update(CONFIG) @@ -845,6 +848,39 @@ def _testConfigDescriptions(): print "\"%s\"" % description if i != len(sortedOptions) - 1: print "-" * 80 +def isRootNeeded(torrcPath): + """ + Returns True if the given torrc needs root permissions to be ran, False + otherwise. This raises an IOError if the torrc can't be read. + + Arguments: + torrcPath - torrc to be checked + """ + + try: + torrcFile = open(torrcPath, "r") + torrcLines = torrcFile.readlines() + torrcFile.close() + + for line in torrcLines: + line = line.strip() + + isPortOpt = False + for opt in PORT_OPT: + if line.startswith(opt): + isPortOpt = True + break + + if isPortOpt and " " in line: + arg = line.split(" ")[1] + + if arg.isdigit() and int(arg) <= 1024 and int(arg) != 0: + return True + + return False + except Exception, exc: + raise IOError(exc) + def renderTorrc(template, options, commentIndent = 30): """ Uses the given template to generate a nicely formatted torrc with the given

1 0

[arm/release] Copying exit notice to data dir when needed
by atagar＠torproject.org 17 Jul '11

17 Jul '11

commit 9d473588c4aedcbc6832a4c3927210b876c5d4c9 Author: Damian Johnson <atagar(a)torproject.org> Date: Sun Jul 10 17:29:31 2011 -0700 Copying exit notice to data dir when needed If running an exit with an exit notice then copies the notice (an html file and image) to the data directory. --- src/cli/wizard.py | 23 ++++++++++++++++++++--- 1 files changed, 20 insertions(+), 3 deletions(-) diff --git a/src/cli/wizard.py b/src/cli/wizard.py index 6539a82..9b8c1d7 100644 --- a/src/cli/wizard.py +++ b/src/cli/wizard.py @@ -295,12 +295,26 @@ def showWizard(): torrcFile.write(generatedTorrc) torrcFile.close() + # copies exit notice into data directory if it's being used + if Options.NOTICE in RelayOptions[relayType] and config[Options.NOTICE].getValue() and config[Options.LOWPORTS].getValue(): + dataDir = cli.controller.getController().getDataDirectory() + + pathPrefix = os.path.dirname(sys.argv[0]) + if pathPrefix and not pathPrefix.endswith("/"): + pathPrefix = pathPrefix + "/" + + src = "%sresources/exitNotice" % pathPrefix + dst = "%sexitNotice" % dataDir + + if not os.path.exists(dst): + shutil.copytree(src, dst) + # If we're connected to a managed instance then just need to # issue a sighup to pick up the new settings. Otherwise starts # a new tor instance. conn = torTools.getConn() - if manager.isManaged(conn): conn.reset() + if manager.isManaged(conn): conn.reload() else: manager.startManagedInstance() break @@ -490,9 +504,12 @@ def getTorrc(relayType, config): if isinstance(value, ConfigOption): value = value.getValue() - # truncates "/s" from the rate for RelayBandwidthRate entry if key == Options.BANDWIDTH and value.endswith("/s"): + # truncates "/s" from the rate for RelayBandwidthRate entry value = value[:-2] + elif key == Options.NOTICE: + # notice option is only applied if using low ports + value &= config[Options.LOWPORTS].getValue() templateOptions[key.upper()] = value @@ -508,7 +525,7 @@ def getTorrc(relayType, config): # exit notice will be in our data directory dataDir = cli.controller.getController().getDataDirectory() - templateOptions["NOTICE_PATH"] = dataDir + "exit-notice.html" + templateOptions["NOTICE_PATH"] = dataDir + "exitNotice/exit-notice.html" templateOptions["LOG_ENTRY"] = "notice file %stor_log" % dataDir policyCategories = []

1 0

[arm/release] Hiding unimplemented wizard options
by atagar＠torproject.org 17 Jul '11

17 Jul '11

commit 98c0230194d1575f42759e3515354a3a2c30ab35 Author: Damian Johnson <atagar(a)torproject.org> Date: Sun Jul 10 16:27:51 2011 -0700 Hiding unimplemented wizard options The 'run at startup' and 'tor weather notificaitons' wizard options won't be implemented for this next release so hiding them in the wizard. --- src/cli/wizard.py | 3 ++- src/settings.cfg | 4 ++++ 2 files changed, 6 insertions(+), 1 deletions(-) diff --git a/src/cli/wizard.py b/src/cli/wizard.py index be7ac8a..6539a82 100644 --- a/src/cli/wizard.py +++ b/src/cli/wizard.py @@ -85,6 +85,7 @@ CONFIG = {"wizard.message.role": "", "wizard.message.bridge": "", "wizard.message.client": "", "wizard.toggle": {}, + "wizard.disabled": [], "wizard.suboptions": [], "wizard.default": {}, "wizard.blankValue": {}, @@ -377,7 +378,7 @@ def promptConfigOptions(relayType, config): topContent = _splitStr(CONFIG.get("wizard.message.%s" % relayType.lower(), ""), 54) - options = [config[opt] for opt in RelayOptions[relayType]] + options = [config[opt] for opt in RelayOptions[relayType] if not opt in CONFIG["wizard.disabled"]] options.append(Options.DIVIDER) options.append(ConfigOption(BACK, "general", "(to role selection)")) options.append(ConfigOption(NEXT, "general", "(to confirm options)")) diff --git a/src/settings.cfg b/src/settings.cfg index 4551b43..2734c4a 100644 --- a/src/settings.cfg +++ b/src/settings.cfg @@ -362,6 +362,10 @@ wizard.toggle Plaintext => Allow, Block wizard.toggle Distribute => Automated, Manual wizard.toggle Bridged => Yes, No +# the following options haven't been implemented yet +wizard.disabled Notify +wizard.disabled Startup + wizard.suboptions Websites wizard.suboptions Email wizard.suboptions Im

1 0

[arm/release] fix: exit notice file name misspelled
by atagar＠torproject.org 17 Jul '11

17 Jul '11

commit 647f7b557e1de2a6ba899267b32e5a551916d584 Author: Damian Johnson <atagar(a)torproject.org> Date: Mon Jul 11 13:20:17 2011 -0700 fix: exit notice file name misspelled The tor exit notice file was misspelled. Changing it to 'index.html' instead since having 'exit notice' in the name is redundant. --- src/cli/wizard.py | 2 +- src/resources/exitNotice/exit-noice.html | 143 ------------------------------ src/resources/exitNotice/index.html | 143 ++++++++++++++++++++++++++++++ 3 files changed, 144 insertions(+), 144 deletions(-) diff --git a/src/cli/wizard.py b/src/cli/wizard.py index be0deb4..b50105e 100644 --- a/src/cli/wizard.py +++ b/src/cli/wizard.py @@ -588,7 +588,7 @@ def getTorrc(relayType, config, disabledOpt): # exit notice will be in our data directory dataDir = cli.controller.getController().getDataDirectory() - templateOptions["NOTICE_PATH"] = dataDir + "exitNotice/exit-notice.html" + templateOptions["NOTICE_PATH"] = dataDir + "exitNotice/index.html" templateOptions["LOG_ENTRY"] = "notice file %stor_log" % dataDir policyCategories = [] diff --git a/src/resources/exitNotice/exit-noice.html b/src/resources/exitNotice/exit-noice.html deleted file mode 100644 index 7475984..0000000 --- a/src/resources/exitNotice/exit-noice.html +++ /dev/null @@ -1,143 +0,0 @@ -<?xml version="1.0"?> -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" - "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> -<html xmlns="http://www.w3.org/1999/xhtml"> -<head> -<meta http-equiv="Content-Type" content="text/html;charset=utf-8" /> -<title>This is a Tor Exit Router</title> - - - -</head> -<body> - -This is a -Tor Exit Router - - -Most likely you are accessing this website because you had some issue with -the traffic coming from this IP. This router is part of the <a -href="https://www.torproject.org/">Tor Anonymity Network</a>, which is -dedicated to <a href="https://www.torproject.org/about/overview">providing -privacy</a> to people who need it most: average computer users. This -router IP should be generating no other traffic, unless it has been -compromised. - - - -<a href="https://www.torproject.org/about/overview"> -<img src="how_tor_works_thumb.png" alt="How Tor works" style="border-style:none"/> -</a> - - -Tor sees use by <a href="https://www.torproject.org/about/torusers">many -important segments of the population</a>, including whistle blowers, -journalists, Chinese dissidents skirting the Great Firewall and oppressive -censorship, abuse victims, stalker targets, the US military, and law -enforcement, just to name a few. While Tor is not designed for malicious -computer users, it is true that they can use the network for malicious ends. -In reality however, the actual amount of <a -href="https://www.torproject.org/docs/faq-abuse">abuse</a> is quite low. This -is largely because criminals and hackers have significantly better access to -privacy and anonymity than do the regular users whom they prey upon. Criminals -can and do <a -href="http://voices.washingtonpost.com/securityfix/2008/08/web_fraud_20_tools.html">build, -sell, and trade</a> far larger and <a -href="http://voices.washingtonpost.com/securityfix/2008/08/web_fraud_20_distribut…">more -powerful networks</a> than Tor on a daily basis. Thus, in the mind of this -operator, the social need for easily accessible censorship-resistant private, -anonymous communication trumps the risk of unskilled bad actors, who are -almost always more easily uncovered by traditional police work than by -extensive monitoring and surveillance anyway. - - -In terms of applicable law, the best way to understand Tor is to consider it a -network of routers operating as common carriers, much like the Internet -backbone. However, unlike the Internet backbone routers, Tor routers -explicitly do not contain identifiable routing information about the source of -a packet, and no single Tor node can determine both the origin and destination -of a given transmission. - - -As such, there is little the operator of this router can do to help you track -the connection further. This router maintains no logs of any of the Tor -traffic, so there is little that can be done to trace either legitimate or -illegitimate traffic (or to filter one from the other). Attempts to -seize this router will accomplish nothing. - - - - -Furthermore, this machine also serves as a carrier of email, which means that -its contents are further protected under the ECPA. <a -href="http://www4.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00002707----000…">18 -USC 2707</a> explicitly allows for civil remedies ($1000/account -plus legal fees) -in the event of a seizure executed without good faith or probable cause (it -should be clear at this point that traffic with this originating IP address -should not constitute probable cause to seize the machine). Similar -considerations exist for 1st amendment content on this machine. - - - - -If you are a representative of a company who feels that this router is being -used to violate the DMCA, please be aware that this machine does not host or -contain any illegal content. Also be aware that network infrastructure -maintainers are not liable for the type of content that passes over their -equipment, in accordance with <a -href="http://www4.law.cornell.edu/uscode/html/uscode17/usc_sec_17_00000512----000…">DMCA -"safe harbor" provisions</a>. In other words, you will have just as much luck -sending a takedown notice to the Internet backbone providers. Please consult -<a href="https://www.torproject.org/eff/tor-dmca-response">EFF's prepared -response</a> for more information on this matter. - -For more information, please consult the following documentation: - -<ol> -<li><a href="https://www.torproject.org/about/overview">Tor Overview</a></li> -<li><a href="https://www.torproject.org/docs/faq-abuse">Tor Abuse FAQ</a></li> -<li><a href="https://www.torproject.org/eff/tor-legal-faq">Tor Legal FAQ</a></li> -</ol> - - -That being said, if you still have a complaint about the router, you may -email the <a href="mailto:FIXME_YOUR_EMAIL_ADDRESS">maintainer</a>. If -complaints are related to a particular service that is being abused, I will -consider removing that service from my exit policy, which would prevent my -router from allowing that traffic to exit through it. I can only do this on an -IP+destination port basis, however. Common P2P ports are -already blocked. - - -You also have the option of blocking this IP address and others on -the Tor network if you so desire. The Tor project provides a <a -href="https://check.torproject.org/cgi-bin/TorBulkExitList.py">web service</a> -to fetch a list of all IP addresses of Tor exit nodes that allow exiting to a -specified IP:port combination, and an official <a -href="https://www.torproject.org/tordnsel/dist/">DNSRBL</a> is also available to -determine if a given IP address is actually a Tor exit server. Please -be considerate -when using these options. It would be unfortunate to deny all Tor users access -to your site indefinitely simply because of a few bad apples. - -</body> -</html> diff --git a/src/resources/exitNotice/index.html b/src/resources/exitNotice/index.html new file mode 100644 index 0000000..7475984 --- /dev/null +++ b/src/resources/exitNotice/index.html @@ -0,0 +1,143 @@ +<?xml version="1.0"?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> +<head> +<meta http-equiv="Content-Type" content="text/html;charset=utf-8" /> +<title>This is a Tor Exit Router</title> + + + +</head> +<body> + +This is a +Tor Exit Router + + +Most likely you are accessing this website because you had some issue with +the traffic coming from this IP. This router is part of the <a +href="https://www.torproject.org/">Tor Anonymity Network</a>, which is +dedicated to <a href="https://www.torproject.org/about/overview">providing +privacy</a> to people who need it most: average computer users. This +router IP should be generating no other traffic, unless it has been +compromised. + + + +<a href="https://www.torproject.org/about/overview"> +<img src="how_tor_works_thumb.png" alt="How Tor works" style="border-style:none"/> +</a> + + +Tor sees use by <a href="https://www.torproject.org/about/torusers">many +important segments of the population</a>, including whistle blowers, +journalists, Chinese dissidents skirting the Great Firewall and oppressive +censorship, abuse victims, stalker targets, the US military, and law +enforcement, just to name a few. While Tor is not designed for malicious +computer users, it is true that they can use the network for malicious ends. +In reality however, the actual amount of <a +href="https://www.torproject.org/docs/faq-abuse">abuse</a> is quite low. This +is largely because criminals and hackers have significantly better access to +privacy and anonymity than do the regular users whom they prey upon. Criminals +can and do <a +href="http://voices.washingtonpost.com/securityfix/2008/08/web_fraud_20_tools.html">build, +sell, and trade</a> far larger and <a +href="http://voices.washingtonpost.com/securityfix/2008/08/web_fraud_20_distribut…">more +powerful networks</a> than Tor on a daily basis. Thus, in the mind of this +operator, the social need for easily accessible censorship-resistant private, +anonymous communication trumps the risk of unskilled bad actors, who are +almost always more easily uncovered by traditional police work than by +extensive monitoring and surveillance anyway. + + +In terms of applicable law, the best way to understand Tor is to consider it a +network of routers operating as common carriers, much like the Internet +backbone. However, unlike the Internet backbone routers, Tor routers +explicitly do not contain identifiable routing information about the source of +a packet, and no single Tor node can determine both the origin and destination +of a given transmission. + + +As such, there is little the operator of this router can do to help you track +the connection further. This router maintains no logs of any of the Tor +traffic, so there is little that can be done to trace either legitimate or +illegitimate traffic (or to filter one from the other). Attempts to +seize this router will accomplish nothing. + + + + +Furthermore, this machine also serves as a carrier of email, which means that +its contents are further protected under the ECPA. <a +href="http://www4.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00002707----000…">18 +USC 2707</a> explicitly allows for civil remedies ($1000/account +plus legal fees) +in the event of a seizure executed without good faith or probable cause (it +should be clear at this point that traffic with this originating IP address +should not constitute probable cause to seize the machine). Similar +considerations exist for 1st amendment content on this machine. + + + + +If you are a representative of a company who feels that this router is being +used to violate the DMCA, please be aware that this machine does not host or +contain any illegal content. Also be aware that network infrastructure +maintainers are not liable for the type of content that passes over their +equipment, in accordance with <a +href="http://www4.law.cornell.edu/uscode/html/uscode17/usc_sec_17_00000512----000…">DMCA +"safe harbor" provisions</a>. In other words, you will have just as much luck +sending a takedown notice to the Internet backbone providers. Please consult +<a href="https://www.torproject.org/eff/tor-dmca-response">EFF's prepared +response</a> for more information on this matter. + +For more information, please consult the following documentation: + +<ol> +<li><a href="https://www.torproject.org/about/overview">Tor Overview</a></li> +<li><a href="https://www.torproject.org/docs/faq-abuse">Tor Abuse FAQ</a></li> +<li><a href="https://www.torproject.org/eff/tor-legal-faq">Tor Legal FAQ</a></li> +</ol> + + +That being said, if you still have a complaint about the router, you may +email the <a href="mailto:FIXME_YOUR_EMAIL_ADDRESS">maintainer</a>. If +complaints are related to a particular service that is being abused, I will +consider removing that service from my exit policy, which would prevent my +router from allowing that traffic to exit through it. I can only do this on an +IP+destination port basis, however. Common P2P ports are +already blocked. + + +You also have the option of blocking this IP address and others on +the Tor network if you so desire. The Tor project provides a <a +href="https://check.torproject.org/cgi-bin/TorBulkExitList.py">web service</a> +to fetch a list of all IP addresses of Tor exit nodes that allow exiting to a +specified IP:port combination, and an official <a +href="https://www.torproject.org/tordnsel/dist/">DNSRBL</a> is also available to +determine if a given IP address is actually a Tor exit server. Please +be considerate +when using these options. It would be unfortunate to deny all Tor users access +to your site indefinitely simply because of a few bad apples. + +</body> +</html>

1 0

[arm/release] Adding wizard option to shutdown tor with arm
by atagar＠torproject.org 17 Jul '11

17 Jul '11

commit c29f5fdf9b2da2c097b8b2be8148f6b3dc45d26f Author: Damian Johnson <atagar(a)torproject.org> Date: Sun Jul 10 18:56:04 2011 -0700 Adding wizard option to shutdown tor with arm This option adds a comment flag to the torrc that tells arm to shut down tor when it quits. This will also take advantage of Robert's 'ownership' feature when it's available. --- src/cli/controller.py | 23 +++++++++++++++++++++++ src/cli/wizard.py | 15 +++++++++++---- src/resources/torrcTemplate.txt | 7 +++++++ src/settings.cfg | 8 ++++++++ 4 files changed, 49 insertions(+), 4 deletions(-) diff --git a/src/cli/controller.py b/src/cli/controller.py index e30af3f..c6534b3 100644 --- a/src/cli/controller.py +++ b/src/cli/controller.py @@ -407,6 +407,22 @@ class Controller: self._isDone = True + # check if the torrc has a "ARM_SHUTDOWN" comment flag, if so then shut + # down the instance + + isShutdownFlagPresent = False + torrcContents = torConfig.getTorrc().getContents() + + if torrcContents: + for line in torrcContents: + if "# ARM_SHUTDOWN" in line: + isShutdownFlagPresent = True + break + + if isShutdownFlagPresent: + try: torTools.getConn().shutdown() + except IOError, exc: cli.popups.showMsg(str(exc), 3, curses.A_BOLD) + if CONFIG["features.offerTorShutdownOnQuit"]: conn = torTools.getConn() @@ -551,6 +567,13 @@ def connResetListener(conn, eventType): resolver.setPaused(eventType == torTools.State.CLOSED) if eventType in (torTools.State.INIT, torTools.State.RESET): + # Reload the torrc contents. If the torrc panel is present then it will + # do this instead since it wants to do validation and redraw _after_ the + # new contents are loaded. + + if getController().getPanel("torrc") == None: + torConfig.getTorrc().load(True) + torPid = conn.getMyPid() if torPid and torPid != resolver.getPid(): diff --git a/src/cli/wizard.py b/src/cli/wizard.py index 9b8c1d7..e5d6257 100644 --- a/src/cli/wizard.py +++ b/src/cli/wizard.py @@ -23,7 +23,7 @@ TORRC_TEMPLATE = "resources/torrcTemplate.txt" RelayType = enum.Enum("RESUME", "RELAY", "EXIT", "BRIDGE", "CLIENT") # all options that can be configured -Options = enum.Enum("DIVIDER", "CONTROL", "NICKNAME", "CONTACT", "NOTIFY", "BANDWIDTH", "LIMIT", "CLIENT", "LOWPORTS", "PORTFORWARD", "STARTUP", "NOTICE", "POLICY", "WEBSITES", "EMAIL", "IM", "MISC", "PLAINTEXT", "DISTRIBUTE", "BRIDGED", "BRIDGE1", "BRIDGE2", "BRIDGE3", "REUSE") +Options = enum.Enum("DIVIDER", "CONTROL", "NICKNAME", "CONTACT", "NOTIFY", "BANDWIDTH", "LIMIT", "CLIENT", "LOWPORTS", "PORTFORWARD", "STARTUP", "RSHUTDOWN", "CSHUTDOWN", "NOTICE", "POLICY", "WEBSITES", "EMAIL", "IM", "MISC", "PLAINTEXT", "DISTRIBUTE", "BRIDGED", "BRIDGE1", "BRIDGE2", "BRIDGE3", "REUSE") RelayOptions = {RelayType.RELAY: (Options.NICKNAME, Options.CONTACT, Options.NOTIFY, @@ -32,7 +32,8 @@ RelayOptions = {RelayType.RELAY: (Options.NICKNAME, Options.CLIENT, Options.LOWPORTS, Options.PORTFORWARD, - Options.STARTUP), + Options.STARTUP, + Options.RSHUTDOWN), RelayType.EXIT: (Options.NICKNAME, Options.CONTACT, Options.NOTIFY, @@ -42,6 +43,7 @@ RelayOptions = {RelayType.RELAY: (Options.NICKNAME, Options.LOWPORTS, Options.PORTFORWARD, Options.STARTUP, + Options.RSHUTDOWN, Options.DIVIDER, Options.NOTICE, Options.POLICY, @@ -56,12 +58,14 @@ RelayOptions = {RelayType.RELAY: (Options.NICKNAME, Options.CLIENT, Options.LOWPORTS, Options.PORTFORWARD, - Options.STARTUP), + Options.STARTUP, + Options.RSHUTDOWN), RelayType.CLIENT: (Options.BRIDGED, Options.BRIDGE1, Options.BRIDGE2, Options.BRIDGE3, - Options.REUSE)} + Options.REUSE, + Options.CSHUTDOWN)} # option sets CUSTOM_POLICIES = (Options.WEBSITES, Options.EMAIL, Options.IM, Options.MISC, Options.PLAINTEXT) @@ -489,6 +493,9 @@ def getTorrc(relayType, config): Provides the torrc generated for the given options. """ + # TODO: When Robert's 'ownership' feature is available take advantage of it + # for the RSHUTDOWN and CSHUTDOWN options. + pathPrefix = os.path.dirname(sys.argv[0]) if pathPrefix and not pathPrefix.endswith("/"): pathPrefix = pathPrefix + "/" diff --git a/src/resources/torrcTemplate.txt b/src/resources/torrcTemplate.txt index 072f847..c31b209 100644 --- a/src/resources/torrcTemplate.txt +++ b/src/resources/torrcTemplate.txt @@ -6,6 +6,13 @@ # # Descriptions of all of these configuraiton attibutes (and many more) are # available in the tor man page. + +[IF RSHUTDOWN | CSHUTDOWN] + [NEWLINE] + # The following flag tells arm to shut down tor when it quits. + # ARM_SHUTDOWN +[END IF] + [NEWLINE] ControlPort 9052 # port controllers can connect to CookieAuthentication 1 # method for controller authentication diff --git a/src/settings.cfg b/src/settings.cfg index 2734c4a..c6d483d 100644 --- a/src/settings.cfg +++ b/src/settings.cfg @@ -352,6 +352,8 @@ wizard.toggle Client => Enabled, Disabled wizard.toggle Lowports => Yes, No wizard.toggle Portforward => Enabled, Disabled wizard.toggle Startup => Yes, No +wizard.toggle Rshutdown => Yes, No +wizard.toggle Cshutdown => Yes, No wizard.toggle Notice => Yes, No wizard.toggle Policy => Custom, Default wizard.toggle Websites => Allow, Block @@ -379,6 +381,8 @@ wizard.default Control => 9052 wizard.default Notify => true wizard.default Bandwidth => 5 MB/s wizard.default Startup => true +wizard.default Rshutdown => false +wizard.default Cshutdown => true wizard.default Client => false wizard.default Lowports => true wizard.default Portforward => true @@ -415,6 +419,8 @@ wizard.label.opt Client => Client Usage wizard.label.opt Lowports => Low Relaying Ports wizard.label.opt Portforward => Port Forwarding wizard.label.opt Startup => Run At Startup +wizard.label.opt Rshutdown => Shutdown With Arm +wizard.label.opt Cshutdown => Shutdown With Arm wizard.label.opt Notice => Disclaimer Notice wizard.label.opt Policy => Exit Policy wizard.label.opt Websites => Web Browsing @@ -444,6 +450,8 @@ wizard.description.opt Client => Enable this if you would like to use Tor yourse wizard.description.opt Lowports => Relays using port 443 rather than 9001. This helps some users that would otherwise be blocked, but requires that tor is started with root permissions (after that it lowers itself to those of a 'tor-arm' user). wizard.description.opt Portforward => If needed, attempts NAT traversal using UPnP and NAT-PMP. This allows for automatic port forwarding on most home routers. wizard.description.opt Startup => Runs Tor in the background when the system starts. +wizard.description.opt Rshutdown => When you quit arm the Tor process is stopped thirty seconds later. This delay is so people using you can gracefully switch their circuits. +wizard.description.opt Cshutdown => Stops the Tor process when you quit arm. wizard.description.opt Notice => Provides a disclaimer that this is an exit on port 80 (http://www.atagar.com/exitNotice) wizard.description.opt Policy => Ports allowed to exit from your relay. The default policy allows for common services while limiting the chance of getting a DMCA takedown for torrent traffic (http://www.atagar.com/exitPolicy) wizard.description.opt Websites => General Internet browsing including HTTP (80), HTTPS (443), common alternatives (81, 8008), and proxies (3128, 8080)

1 0

[arm/release] fix: mixing up the relay and client shutdown opts
by atagar＠torproject.org 17 Jul '11

17 Jul '11

commit 2a1daaa179f0c25c15e0d71cb43d7ecbc92e129d Author: Damian Johnson <atagar(a)torproject.org> Date: Mon Jul 11 13:27:05 2011 -0700 fix: mixing up the relay and client shutdown opts There's a separate shutdown option for clients vs relays (RSHUTDOWN vs CSHUTDOWN), the reason being that they have a different default and descriptions. The template was mistakenly taking the logical or of the two options rather than picking the one for our relay type. --- src/cli/wizard.py | 7 +++++++ src/resources/torrcTemplate.txt | 2 +- 2 files changed, 8 insertions(+), 1 deletions(-) diff --git a/src/cli/wizard.py b/src/cli/wizard.py index b50105e..6caf490 100644 --- a/src/cli/wizard.py +++ b/src/cli/wizard.py @@ -600,6 +600,13 @@ def getTorrc(relayType, config, disabledOpt): if config[Options.IM].getValue(): policyCategories.append("im") if config[Options.MISC].getValue(): policyCategories.append("misc") + # uses the CSHUTDOWN or RSHUTDOWN option based on if we're running as a + # client or not + if relayType == RelayType.CLIENT: + templateOptions["SHUTDOWN"] = templateOptions[Options.CSHUTDOWN.upper()] + else: + templateOptions["SHUTDOWN"] = templateOptions[Options.RSHUTDOWN.upper()] + if policyCategories: isEncryptedOnly = not config[Options.PLAINTEXT].getValue() diff --git a/src/resources/torrcTemplate.txt b/src/resources/torrcTemplate.txt index c31b209..d23ed0b 100644 --- a/src/resources/torrcTemplate.txt +++ b/src/resources/torrcTemplate.txt @@ -7,7 +7,7 @@ # Descriptions of all of these configuraiton attibutes (and many more) are # available in the tor man page. -[IF RSHUTDOWN | CSHUTDOWN] +[IF SHUTDOWN] [NEWLINE] # The following flag tells arm to shut down tor when it quits. # ARM_SHUTDOWN

1 0